The security database on the server does not have a computer account for this workstation trust relationship

I am not sure how many of you have come across an error which says “The security database on the server does not have a computer account for this workstation trust relationship”. Most of the time I have seen this error when a machine has been turned off for a very extended period of time: when it is powered on and the user tries logging in, the workstation trust relationship error is seen. One of the easiest fixes for this error is to rejoin the computer to the domain. This requires the computer account to be joined back to the domain and a reboot. This solution works most of the time, however I have come across many instances where the domain rejoin didn’t fix the issue. So why do we see this error? The issue is due to a mismatch between the attributes of the computer account in Active Directory and those values on the system itself.

If you are planning to fix this error by rejoining the computer to the domain, follow the steps listed below:

1) First unjoin the computer from the domain, and make sure you set a local administrator password on the machine or set a password on a user account which is a member of the local Administrators group.

2) Reboot the machine.

3) On the domain controller, go to Active Directory Users and Computers and delete the computer account.

4) It may take up to a few minutes for the change to replicate between all of the Active Directory domain controllers, so wait a few minutes.

5) Rejoin the machine to the domain.

If the above method doesn’t fix the issue, try the steps below:

Suppose that your computer name is WIN7.PRAJWAL.LOCAL. Open Active Directory Users and Computers, locate the computer object, right-click the computer object and click Attribute Editor. You should see the below listed attribute pairs or values in the attribute list.

If you find that any of these entries is incorrect for your computer object, go ahead and modify it to the correct value. Once you fix the entries you should be able to log in. Note that when you make any changes, it may take up to a few minutes for the changes to replicate between all of the Active Directory domain controllers. This method works fine and does not need a reboot of the machine.
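A report-only way to run this attribute check from PowerShell, as an added example that is not from the original post. The attributes compared (sAMAccountName, dNSHostName, servicePrincipalName) and the function name `Compare-ComputerAccountAttributes` are assumptions, and the sample account object is constructed.

```powershell
# Added example: report-only comparison; nothing is written to Active Directory.
# Assumption: these three attributes are the ones compared; the function name is hypothetical.
function Compare-ComputerAccountAttributes {
    param(
        [Parameter(Mandatory)][string]$ComputerName,  # short name, e.g. WIN7
        [Parameter(Mandatory)][string]$DnsDomain,     # e.g. PRAJWAL.LOCAL
        [Parameter(Mandatory)]$Account                # computer object to inspect
    )
    $fqdn = "$ComputerName.$DnsDomain"

    # Single-valued attributes and the value expected for this host name.
    $expected = [ordered]@{
        sAMAccountName = "$ComputerName`$"
        dNSHostName    = $fqdn
    }
    foreach ($name in $expected.Keys) {
        [pscustomobject]@{
            Attribute = $name
            Expected  = $expected[$name]
            Found     = $Account.$name
            Match     = ($Account.$name -ieq $expected[$name])
        }
    }

    # servicePrincipalName is multi-valued: each expected HOST/ entry must be present.
    foreach ($spn in "HOST/$ComputerName", "HOST/$fqdn") {
        [pscustomobject]@{
            Attribute = 'servicePrincipalName'
            Expected  = $spn
            Found     = ($Account.servicePrincipalName -join '; ')
            Match     = ($Account.servicePrincipalName -icontains $spn)
        }
    }
}

# Constructed sample: an account still carrying an old DNS name and SPN.
$sample = [pscustomobject]@{
    sAMAccountName       = 'WIN7$'
    dNSHostName          = 'WIN7-OLD.PRAJWAL.LOCAL'
    servicePrincipalName = @('HOST/WIN7', 'HOST/WIN7-OLD.PRAJWAL.LOCAL')
}
Compare-ComputerAccountAttributes -ComputerName 'WIN7' -DnsDomain 'PRAJWAL.LOCAL' -Account $sample |
    Format-Table -AutoSize -Wrap

# Against a live domain (needs the ActiveDirectory module from RSAT):
# $acct = Get-ADComputer -Identity 'WIN7' -Properties dNSHostName, servicePrincipalName
# Compare-ComputerAccountAttributes -ComputerName 'WIN7' -DnsDomain 'PRAJWAL.LOCAL' -Account $acct
```

Rows where Match is False are the entries to review in the Attribute Editor before changing anything.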

There’s got to be a better way. Came back from over the weekend and about 45 of the 300 computers are saying this. Rejoining 45 to the domain is not something I wanted to spend my week doing. Haven’t had this error in the 5 years since I set up the server / client computers at this location.

But why is this happening? Sometimes it will happen to several of our computers and I have to go around and disjoin and rename and rejoin. It's a pain and very time consuming. I just had one I just added to the domain, then it did some Windows updates and rebooted, and now it's getting that message. I have also had my Exchange server get this error message, and I have to go in and pray that a reboot will solve the issue, as I can’t just simply disjoin the Exchange server and rename it and rejoin it. I know this solution works, but this can’t be the only solution; there has to be a permanent solution or a reason why it's happening.